Candidate: CVE-2016-1242
PublicDate: 2016-09-07 19:28:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1242
Description:
 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before
 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote
 authenticated users with certain permissions to read arbitrary files via
 the name parameter or unspecified other vectors.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.tryton.org/issue5808
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N [4.4 MEDIUM]

Patches_tryton-server:
 upstream: https://hg.tryton.org/trytond/rev/1cf79b978221 (4.0)
 upstream: https://hg.tryton.org/trytond/rev/922e8717c9d1 (trunk, tests)
upstream_tryton-server: released (4.0.4-1)
precise_tryton-server: ignored (reached end-of-life)
precise/esm_tryton-server: DNE (precise was needs-triage)
trusty_tryton-server: ignored (reached end-of-life)
trusty/esm_tryton-server: DNE (trusty was needed)
vivid/stable-phone-overlay_tryton-server: DNE
vivid/ubuntu-core_tryton-server: DNE
xenial_tryton-server: ignored (end of standard support, was needed)
yakkety_tryton-server: ignored (reached end-of-life)
zesty_tryton-server: ignored (reached end-of-life)
artful_tryton-server: ignored (reached end-of-life)
bionic_tryton-server: not-affected (4.0.4-1)
cosmic_tryton-server: not-affected (4.0.4-1)
disco_tryton-server: not-affected (4.0.4-1)
eoan_tryton-server: not-affected (4.0.4-1)
focal_tryton-server: not-affected (4.0.4-1)
groovy_tryton-server: not-affected (4.0.4-1)
hirsute_tryton-server: not-affected (4.0.4-1)
impish_tryton-server: not-affected (4.0.4-1)
jammy_tryton-server: not-affected (4.0.4-1)
devel_tryton-server: not-affected (4.0.4-1)